<p>Introduction - Jestico + Whiles is committed to protecting personal data. This statement describes why and how we collect and use personal data and applies to all personal data held by Jestico + Whiles. Personal data is any information relating to an identifiable living person. Our policy is to be clear, when collecting and using personal data, about why and how we process personal data. We recognise that data protection is an ongoing responsibility and we will keep this privacy statement under regular review. We may change this privacy statement from time to time in order to reflect changes in the law and our privacy practices. </p><p>
Security - We take the security of all the data very seriously. Jestico + Whiles is implementing independently audited information security standards in accordance with the requirements set out in ISO27001. We have a robust framework of policies, procedures and training in place covering data protection, confidentiality and security. </p><p>
Data controller and contact information - The data controller is Jestico + Whiles + Associates Ltd.

If you have any questions about this privacy statement or how and why we process personal data, please contact us at: Data Protection Officer

Jestico + Whiles
Sutton Yard
65 Goswell Road
London EC1V 7EN
Email: gdpr@jesticowhiles.com
Phone: +44 (0)207 380 0382 </p><p>
Personal information - Personal information that we process in connection with our business services include personal and contact details, such as: title, full name, contact details, contact details history and contract/service information. This information is generally provided by the individual involved or those within their business for professional purposes.

The legal basis on which we retain personal data is to enable us to manage and conduct our professional services, including the auditing of our business operations, to comply with legal and regulatory obligations and in some instances for direct marketing purposes, relating solely to our business.

Jestico + Whiles is based in the UK and has a satellite office in Prague, Czech Republic. Generally, personal data will remain within the European Economic Area (EEA). If there are occasions where the transfer of data outside of the EEA is necessary, we will ensure that suitable safeguards are in place. </p><p>
Sharing personal data with third parties - We will only share personal data with others for legitimate business purposes. For example, as may be required by Governmental and regulatory bodies such as HMRC, the Health & Safety Executive and the Financial Conduct Authority or organisations and businesses who provide services to us, such as back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.

When we share data with others, we have procedures in place to ensure that they protect that data and comply with data protection, confidentiality and security standards. </p><p>
Data retention - We will not hold personal data for any longer than we deem necessary. The retention of data will be reviewed against reasonable business needs, such as managing our business relationships and any ongoing services. We will also retain data for as long as a claim might be brought against us, whether contractually or otherwise. Retention periods will remain in line with legal and regulatory requirements. </p><p>
Individuals’ rights - Individuals have certain rights over their personal data. Jestico + Whiles are data controllers. We decide how and why personal data is processed and are therefore responsible for fulfilling these rights. Where we are a data controller, we have provided further information about the rights that individuals have and how to exercise them below.</p><p>Access to personal data - You have a right of access to personal data held by us as a data controller. This right may be exercised by emailing the practice. Subject to the extent and nature of the information requested, we will charge for access in accordance with applicable law. We will respond to any requests within the legally required time limits.

Amendment of personal data

To update personal data held by us, you may email us. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information. </p><p>
Withdrawal of consent - Where we process personal data based on consent, individuals have a right to withdraw consent at any time. We do not generally process personal data based on consent as we typically hold data for legitimate business purposes. To withdraw consent to our processing of your personal data please email us or to stop receiving marketing information or our newsletter or click on the unsubscribe link in the relevant correspondence. </p><p>
Other data subject rights - This privacy statement is intended to provide information about the personal data we collect about you and how it is used. As well as rights of access and amendments, in some circumstances individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability. </p><p>
Complaints - In the event that you want to complain about our use of your personal data, please send us an email with the details of your complaint. We will consider and respond to any legitimate complaints we receive.

Further information on your rights can be obtained from the ICO website.
</p>